SSL Certificates
Use the Certbot tool to obtain SSL certificates from Let’s Encrypt, which simplifies the process of obtaining and managing SSL certificates.
Install Certbot:
Start by installing Certbot and its Apache plugin:
sudo apt-get update
sudo apt-get install certbot python3-certbot-apache
Obtain SSL Certificates:
Use Certbot to obtain SSL certificates for the domain, here for dingx.gotdns.ch:
sudo certbot --apache -d dingx.gotdns.ch
Certbot will guide you through the process and, once it completes, automatically configure Apache to use the obtained SSL certificates.
Registered email address: logistics@moehring.ch
Certificate is saved at: /etc/letsencrypt/live/dingx.gotdns.ch/fullchain.pem
Key is saved at: /etc/letsencrypt/live/dingx.gotdns.ch/privkey.pem
See the files stored at /etc/letsencrypt/live/dingx.gotdns.ch:
cert.pem -> ../../archive/dingx.gotdns.ch/cert1.pem
chain.pem -> ../../archive/dingx.gotdns.ch/chain1.pem
fullchain.pem -> ../../archive/dingx.gotdns.ch/fullchain1.pem
privkey.pem -> ../../archive/dingx.gotdns.ch/privkey1.pem
Automatic Renewal:
Let’s Encrypt certificates expire after 90 days, so it’s important to set up automatic renewal. Certbot includes a systemd timer that runs twice a day and automatically renews any certificate that’s within thirty days of expiration. There’s nothing additional to set up for this; it’s done automatically during installation.
Certbot will handle the entire process of obtaining and renewing the SSL certificates, making sure the website stays secure with HTTPS. After running Certbot, the Apache server should be configured with HTTPS enabled.
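A way to check the result of the steps above, as an added example that is not part of the original page or of Certbot: a POSIX shell script that audits the lineage directory listed earlier (symlinks into archive/, private key permissions, key/certificate match) and flags a certificate that has passed the renewal point without being renewed. The function names, the 28-day threshold and the owner-only key policy are assumptions of this example; it relies on the openssl command and GNU stat.

```sh
#!/bin/sh
# Added example: audit a Certbot lineage directory, e.g.
# /etc/letsencrypt/live/dingx.gotdns.ch (run as root to read privkey.pem).

# Each file in live/<domain> must be a symlink into ../../archive/<domain>/.
check_links() {
    local f bad=0
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        case "$(readlink "$1/$f")" in
            ../../archive/*) ;;
            *) echo "FAIL $f: not a symlink into ../../archive/"; bad=1 ;;
        esac
    done
    return $bad
}

# Assumed policy: the key is owner-only (Certbot creates it with mode 0600).
check_key_mode() {
    local mode
    mode=$(stat -L -c %a "$1/privkey.pem") || return 1
    case "$mode" in
        *00) ;;
        *) echo "FAIL privkey.pem: mode $mode grants group/other access"; return 1 ;;
    esac
}

# The key must match the leaf certificate, and the leaf must have more than
# DAYS left. The default of 28 gives the twice-daily timer two days of
# attempts after the 30-day renewal point before this check fires.
check_cert() {
    local days="${2:-28}" pub bad=0
    pub=$(openssl x509 -in "$1/fullchain.pem" -noout -pubkey 2>/dev/null)
    if [ -z "$pub" ] ||
       [ "$pub" != "$(openssl pkey -in "$1/privkey.pem" -pubout 2>/dev/null)" ]; then
        echo "FAIL privkey.pem does not match fullchain.pem"; bad=1
    fi
    if ! openssl x509 -in "$1/fullchain.pem" -noout \
            -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo "FAIL fullchain.pem has under $days days left; renewal is overdue"; bad=1
    fi
    return $bad
}

audit_lineage() {
    local rc=0
    check_links "$1" || rc=1
    check_key_mode "$1" || rc=1
    check_cert "$1" "$2" || rc=1
    return $rc
}

if [ $# -gt 0 ]; then audit_lineage "$@"; fi
```

Saved under a name of your choice (audit.sh here is hypothetical), run it as root with the live directory as its argument, for example `sh audit.sh /etc/letsencrypt/live/dingx.gotdns.ch`. A non-zero exit status means at least one check failed.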
Trust the Self-Signed Certificate:
Configure the system to trust the self-signed certificate. This usually involves adding the certificate to the trusted certificate store.
On Linux:
sudo cp /path/to/self-signed-cert.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
On macOS:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /path/to/self-signed-cert.crt